Skill v1.0.3
ClawScan security
Zooz · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 1:39 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, requirements, and behavior are consistent with a Membrane-based ZOOZ integration and do not request unrelated secrets or system access.
- Guidance: This skill appears internally consistent: it uses the Membrane CLI to manage ZOOZ connections and actions and does not ask for unrelated secrets or system access. Before installing or running it: (1) verify the @membranehq/cli package on npm (maintainer, download counts, recent version) before running a global install; (2) review Membrane's privacy/security documentation since authentication and credentials are managed server-side by Membrane; (3) prefer running CLI installs in a controlled environment (container or VM) if you are cautious about global npm packages; (4) confirm the homepage/repo links match the vendor you expect; and (5) be aware the agent can call the skill autonomously (platform default); if you want to restrict that, adjust agent invocation policies.
Review Dimensions
- Purpose & Capability (ok): The skill name/description (ZOOZ integration) align with the SKILL.md: it instructs the agent to use the Membrane CLI to connect to ZOOZ, discover and run actions, and create actions when needed. There are no declared requirements or actions that are unrelated to integrating with ZOOZ via Membrane.
- Instruction Scope (ok): SKILL.md is instruction-only and stays on-topic: it describes installing the Membrane CLI, authenticating (browser-based or headless flow), creating connections, listing and running actions. It does not instruct the agent to read arbitrary files, environment variables, or system configuration outside of the auth flow and Membrane CLI usage.
- Install Mechanism (note): There is no install spec in the registry, but the README instructs users to run `npm install -g @membranehq/cli@latest`. This is a reasonable, common install path, but installing global npm packages pulls code from the npm registry and is a user-side action; users should verify the package and publisher before installing. The skill itself does not auto-install anything.
- Credentials (ok): The skill declares no required environment variables or secrets. Authentication is delegated to Membrane (browser-based login/connection flow). This is proportionate to the stated purpose; no unrelated credentials are requested.
- Persistence & Privilege (ok): `always:false` is set and there are no requested config paths or changes to other skills. The skill can be invoked autonomously by the agent (default behavior), which is normal; there is no elevated persistence or cross-skill configuration.
